How do I use the findings from MCP Risk Analyzer?
Each finding cites the precise tool name, the matched factor, a why sentence explaining the blast radius, and a fix string you can apply directly (e.g. constrain scopes, add auth gate, split read vs egress, replace free-text schema with enu…
How do I use the findings from MCP Risk Analyzer?
Answer
Each finding cites the precise tool name, the matched factor, a why sentence explaining the blast radius, and a fix string you can apply directly (e.g. constrain scopes, add auth gate, split read vs egress, replace free-text schema with enums). Edit the manifest, re-score, and only install once risk drops below high and you have recorded the requestId plus x402 receipt for your audit log.
Related workflows
Pair MCP risk scores with DestructGuard command blocking at runtime and ReviewQueue for human review of ambiguous tool additions. Export the scored findings JSON alongside your agent session JSONL so IncidentScribe timelines include the pre-install risk evidence. Re-score any server after manifest changes before promoting to production agents.
Next steps
POST the manifest to /api/agent-services/mcp-risk/score (x402) for hosted scoring or install the Operator Pack CLI and run mcp-risk score manifest.json locally. Apply the concrete fix recommendations, re-export the manifest, and re-score until risk is medium or low. Store requestId with your session audit for compliance.
FAQ
How do I use the findings from MCP Risk Analyzer?
Each finding cites the precise tool name, the matched factor, a why sentence explaining the blast radius, and a fix string you can apply directly (e.g. constrain scopes, add auth gate, split read vs egress, replace free-text schema with enums). Edit the manifest, re-score, and only install once risk drops below high and you have recorded the requestId plus x402 receipt for your audit log.